/
Confidential Information

Confidential Information

We encourage you to share your great work. However, please always be mindful that some of the work that we produce for customers is confidential per non-disclosure agreements and cannot be shared as-is. To protect the customer’s security and Axelerant legally, sensitive information like the customer’s name, site, URLs, administrative access, passwords, and secret keys shouldn’t exist outside of the project itself.

Before sharing publicly, check the Master Project Reference or alternately the archived Axelerant Projects for confidentiality status before directly naming an organization or engagement.

On the legal side, all data in any mode, electronic or otherwise, produced on behalf of Axelerant is the property of Axelerant. Any misuse of data could be considered theft, and the violator is held liable.

Confidentiality Reminders

Please ensure that the following safety steps are read, understood, and agreed upon by you before working on any project. When violations happen, please take corrective action immediately besides reporting such to your leadership.

  • Ensure only a fork of the project repository is used.

    • Do not push the code to any personal repositories, even private ones.

    • The code should not be stored anywhere other than the approved, provisioned repository's fork.

    • E.g., No Google Drive, no private repositories, no external drives.

  • Never download any production database even when you have access to the live environment. Work with Client Staff Engineer/Architect and Project Manager for access.

  • Avoid copy-pasting from customer projects. Adapt it afresh.

    • Do not use any code or assets from any Axelerant client projects in your personal projects.

    • Use open-source code only with written consent from the Client representative, coordinated via the Axelerant Customer Success Manager.

  • Never commit to identifying information or secrets. When you accidentally commit, overwrite your commits or rebase your histories.

    • Never commit API keys, SSH keys, passwords, secrets, or other sensitive data to a codebase repository.

    • When such data is to be committed, work with client-side staff engineers/architects or Axelerant PM + DevOps to determine the suitable approach for such needs.

  • Ensure there is no sensitive information in commit messages or other metadata, such as company author/committer name/email.

  • When you’re sharing internally, make sure the project is marked internal or private because search engine spiders check public projects.

  • Don’t use public lists to share confidential information and snippets which contain identifying information. Use an internal Jira comment, a private Confluence page, or a limited-access Google document instead.

    • Do not use any third-party tools like Codepen, Pastebin, etc., to share or store (even temporarily) any code from client projects.

  • Check whether a project is marked as confidential in the Axelerant Skills Cloud before sharing customer and project names in your resume.

    • Team members must agree not to mention client names, logos, or other trademarks, and use any sensitive, confidential data anywhere on Linkedin or anywhere on the web, in their CVs, camp sessions, or anywhere in the public, or private domain.

  • Follow the Secure Project Closure process at the end of an engagement.

    • Ensure that all local repositories and forks of team members are removed and all accesses to customer environments, and hosted instances (Acquia cloud, AWS, Pantheon) are revoked.

  • Any loss or theft of any laptop containing Client code should immediately report client information to Axelerant SM/PM and Client PM.